Data Security & Privacy

Zoho Vault uses the host-proof hosting technique, a secure, proven mechanism that has undergone extensive testing by security experts and has found wide acceptance. Host-proof hosting is built on one basic principle: "host sensitive data in encrypted form, so that clients can only access and manipulate it by providing a pass-phrase which is never transmitted to the server. The server is limited to persisting and retrieving whatever encrypted data the browser sends it, and never actually accesses the sensitive data in its plain form. All encryption and decryption takes place inside the browser itself."

The secrets that you store on Zoho Vault literally remain secrets. The data remains completely private and you alone can view it. All data is encrypted in the browser itself, and Zoho (which hosts the Zoho Vault service) stores only the encrypted data. The passphrase that you enter to access Zoho Vault is used as the key to encrypt and decrypt the data in the browser. The passphrase is not stored anywhere in Zoho Vault, and hence even Zoho cannot access your data. This design ensures not only information security, but also complete privacy.
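The host-proof pattern described above, sketched with the browser's Web Crypto API. This is an added example, not Zoho Vault's code: the page states only AES-256, so PBKDF2-SHA-256, the iteration count, AES-GCM mode, the record layout and the in-memory `serverStore` are assumptions made for illustration.

```javascript
// Added example, not Zoho Vault's code. Assumptions: PBKDF2-SHA-256, 600000
// iterations, AES-GCM, and the {salt, iv, ct} record layout.
const wc = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const enc = new TextEncoder(), dec = new TextDecoder();

// Browser side: stretch the passphrase into a non-extractable AES-256 key.
async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: 600000 },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Browser side: encrypt before upload. Salt and IV are not secret and are
// stored next to the ciphertext; the passphrase and key never leave this side.
async function sealSecret(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { salt, iv, ct: new Uint8Array(ct) };
}

// Browser side: decrypt after download. A wrong passphrase derives a different
// key, the GCM tag check fails, and the caller gets null instead of garbage.
async function openSecret(passphrase, record) {
  const key = await deriveKey(passphrase, record.salt);
  try {
    const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: record.iv }, key, record.ct);
    return dec.decode(pt);
  } catch { return null; }
}

// Server side (hypothetical in-memory stand-in): persists opaque records only.
const serverStore = new Map();
const serverPut = (id, record) => serverStore.set(id, record);
const serverGet = (id) => serverStore.get(id);

async function demo() {
  const secret = 'db-admin: S3cr3t!'; // constructed sample value
  serverPut('entry-1', await sealSecret('correct horse battery staple', secret));
  const stored = serverGet('entry-1');
  return {
    serverSeesPlaintext: dec.decode(stored.ct).includes('S3cr3t'),
    rightPassphrase: await openSecret('correct horse battery staple', stored),
    wrongPassphrase: await openSecret('guess', stored),
  };
}

demo().then(console.log);
```

Because the server holds the salt, IV and ciphertext, anyone who obtains a stored record can attempt offline passphrase guessing; the key-stretching cost and the passphrase strength are what bound that risk.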

Secure Connection

As mentioned above, only encrypted data (256-bit AES) is ever sent over the internet. In addition, the connection itself is secured with SSL.

Tested Against Vulnerabilities

Zoho Vault has been comprehensively tested against cross-site scripting (XSS), SQL injection and other vulnerabilities.